mirror of
https://github.com/OpenVPN/openvpn3.git
synced 2024-09-19 19:52:15 +02:00
Implement allowing local LAN access
On Android, local networks need to be excluded from the default route (or any other route) if they should bypass the VPN. This adds a callback to specifically bypass the local LAN networks.
parent
2105b4b7c0
commit
0a0d080a49
@ -435,6 +435,7 @@ namespace openvpn {
|
||||
std::string tls_version_min_override;
|
||||
std::string tls_cert_profile_override;
|
||||
std::string gui_version;
|
||||
bool allow_local_lan_access;
|
||||
ProtoContextOptions::Ptr proto_context_options;
|
||||
PeerInfo::Set::Ptr extra_peer_info;
|
||||
HTTPProxyTransport::Options::Ptr http_proxy_options;
|
||||
@ -684,6 +685,7 @@ namespace openvpn {
|
||||
state->force_aes_cbc_ciphersuites = config.forceAesCbcCiphersuites;
|
||||
state->tls_version_min_override = config.tlsVersionMinOverride;
|
||||
state->tls_cert_profile_override = config.tlsCertProfileOverride;
|
||||
state->allow_local_lan_access = config.allowLocalLanAccess;
|
||||
state->gui_version = config.guiVersion;
|
||||
state->alt_proxy = config.altProxy;
|
||||
state->dco = config.dco;
|
||||
@ -959,6 +961,7 @@ namespace openvpn {
|
||||
cc.gui_version = state->gui_version;
|
||||
cc.extra_peer_info = state->extra_peer_info;
|
||||
cc.stop = state->async_stop_local();
|
||||
cc.allow_local_lan_access = state->allow_local_lan_access;
|
||||
#ifdef OPENVPN_GREMLIN
|
||||
cc.gremlin_config = state->gremlin_config;
|
||||
#endif
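Review bot: `bool allow_local_lan_access;` in the first hunk of this section is declared without an initializer, while the same flag in the other files touched by this commit defaults to `false`. The field is only assigned in the second hunk, from `config.allowLocalLanAccess`, so if the state object is read before a config has been applied the value is indeterminate. For a setting that decides whether traffic leaves the tunnel, the safe default should be explicit: `bool allow_local_lan_access = false;`. Whether a constructor outside the hunk already initializes it is not visible here.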
|
||||
|
@ -282,6 +282,10 @@ namespace openvpn {
|
||||
// pass through control channel INFO notifications via "INFO" event
|
||||
bool info = false;
|
||||
|
||||
// Allow access to local LAN. This is for platforms like
|
||||
// Android that disable local LAN access by default.
|
||||
bool allowLocalLanAccess = false;
|
||||
|
||||
// Periodic convenience clock tick in milliseconds.
|
||||
// Will call clock_tick() at a frequency defined by this parameter.
|
||||
// Set to 0 to disable.
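Review bot: The comment on `allowLocalLanAccess` does not say what enabling the option costs: with the flag set, traffic to whatever networks the tun builder reports as local is routed outside the VPN. API users will decide from this comment alone, so I would extend it with something like `// When true, traffic to the local networks reported by the tun builder bypasses the VPN tunnel.` and state that the default `false` adds no such bypass routes.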
|
||||
|
@ -44,6 +44,7 @@
|
||||
namespace std {
|
||||
%template(ClientAPI_ServerEntryVector) vector<openvpn::ClientAPI::ServerEntry>;
|
||||
%template(ClientAPI_LLVector) vector<long long>;
|
||||
%template(ClientAPI_StringVec) vector<string>;
|
||||
};
|
||||
|
||||
// interface to be bridged between C++ and target language
|
||||
|
@ -143,6 +143,7 @@ namespace openvpn {
|
||||
bool force_aes_cbc_ciphersuites = false;
|
||||
bool autologin_sessions = false;
|
||||
bool retry_on_auth_failed = false;
|
||||
bool allow_local_lan_access = false;
|
||||
std::string tls_version_min_override;
|
||||
std::string tls_cert_profile_override;
|
||||
PeerInfo::Set::Ptr extra_peer_info;
|
||||
@ -347,6 +348,7 @@ namespace openvpn {
|
||||
tunconf->builder = config.builder;
|
||||
tunconf->tun_prop.session_name = session_name;
|
||||
tunconf->tun_prop.google_dns_fallback = config.google_dns_fallback;
|
||||
tunconf->tun_prop.allow_local_lan_access = config.allow_local_lan_access;
|
||||
if (tun_mtu)
|
||||
tunconf->tun_prop.mtu = tun_mtu;
|
||||
tunconf->frame = frame;
|
||||
|
@ -228,6 +228,15 @@ namespace openvpn {
|
||||
return true;
|
||||
}
|
||||
|
||||
// When the exclude local network option is enabled this
|
||||
// function is called to get a list of local networks so routes
|
||||
// to exclude them from the VPN network are generated
|
||||
// This should be a list of CIDR networks (e.g. 192.168.0.0/24)
|
||||
virtual const std::vector<std::string> tun_builder_get_local_networks(bool ipv6)
|
||||
{
|
||||
return {};
|
||||
}
|
||||
|
||||
// Indicates a reconnection with persisted tun state.
|
||||
virtual void tun_builder_establish_lite()
|
||||
{
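Review bot: The comment above `tun_builder_get_local_networks` does not state what the caller trusts. Elsewhere in this commit each returned string becomes a `net_gateway` route, so an implementation that simply forwards whatever prefix the current network assigned lets an untrusted network widen the bypass. The contract should say so, e.g. `// Return only directly attached networks that may be reached outside the VPN; each entry becomes a bypass route.`, and should say that the empty default means no bypass routes are added. Separately, returning `const std::vector<std::string>` by value prevents callers from moving the result; a plain `std::vector<std::string>` return type is the usual form.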
|
||||
|
@ -63,6 +63,7 @@ namespace openvpn {
|
||||
std::string session_name;
|
||||
int mtu = 0;
|
||||
bool google_dns_fallback = false;
|
||||
bool allow_local_lan_access = false;
|
||||
Layer layer{Layer::OSI_LAYER_3};
|
||||
|
||||
// If remote_bypass is true, obtain cached remote IPs from
|
||||
@ -126,7 +127,28 @@ namespace openvpn {
|
||||
add_remote_bypass_routes(tb, *config.remote_list, server_addr, eer.get(), quiet);
|
||||
|
||||
// add routes
|
||||
add_routes(tb, opt, server_addr, ipv, eer.get(), quiet);
|
||||
if (config.allow_local_lan_access)
|
||||
{
|
||||
// query local lan exclude routes and then
|
||||
// copy option list to construct a copy with the excluded routes as route options
|
||||
OptionList excludedRoutesOptions = opt;
|
||||
for (const std::string& exRoute: tb->tun_builder_get_local_networks(false))
|
||||
{
|
||||
excludedRoutesOptions.add_item(Option{"route", exRoute, "", "net_gateway"});
|
||||
}
|
||||
|
||||
for (const std::string& exRoute: tb->tun_builder_get_local_networks(true))
|
||||
{
|
||||
excludedRoutesOptions.add_item(Option{"route-ipv6", exRoute, "", "net_gateway"});
|
||||
}
|
||||
|
||||
add_routes(tb, excludedRoutesOptions, ipv, eer.get(), quiet);
|
||||
}
|
||||
else
|
||||
{
|
||||
add_routes(tb, opt, ipv, eer.get(), quiet);
|
||||
}
|
||||
|
||||
|
||||
if (eer)
|
||||
{
|
||||
@ -377,7 +399,6 @@ namespace openvpn {
|
||||
|
||||
static void add_routes(TunBuilderBase* tb,
|
||||
const OptionList& opt,
|
||||
const IP::Addr& server_addr,
|
||||
const IPVerFlags& ipv,
|
||||
EmulateExcludeRoute* eer,
|
||||
const bool quiet)
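Review bot: The prefixes returned by `tb->tun_builder_get_local_networks()` go straight into `route` / `route-ipv6` options with `net_gateway` in the two loops, with no check on what they cover. On an untrusted Wi-Fi or DHCP network the "local" prefix can overlap public address space or be very short, and every address inside it would then leave the tunnel unprotected. Before `add_item`, I would parse each entry and keep it only if it lies in private, link-local or unique-local space and is no shorter than a minimum prefix length, logging what was skipped; at minimum add `// NOTE: entries are platform-supplied and unvalidated; a broad prefix here bypasses the VPN for that whole range`. It is also worth confirming that the route parser accepts a CIDR string together with the empty netmask argument passed here. The enclosing function starts and ends outside the hunk.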
|
||||
|